Choosing a firewall. - Security


  1. Choosing a firewall.

    I am running a single desktop computer connected to the Internet. My wife
    has a laptop running Windows XP, which is linked via the external wireless
    router. She used Computer Associates firewall, which works like Zone
    Alarm, and allows connections to be allowed or refused individually.

    I would prefer a similar firewall on my Mandriva box. The command-line crew
    seem to go for Shorewall. I am at present using Guarddog, which does have
    a GUI. I think that I did see a Linux program with an interface similar to
    ZoneAlarm, but in reality it didn't work that way at all.

    Any recommendations please?

    Doug.
    --
    If we do not believe in freedom of speech for those we despise we do not
    believe in it at all.
    - Noam Chomsky


  2. Re: Choosing a firewall.

    > I am running a single desktop computer connected to the Internet. My wife
    > has a laptop running Windows XP, which is linked via the external wireless
    > router. She used Computer Associates firewall, which works like Zone
    > Alarm, and allows connections to be allowed or refused individually.


    This can't be done, even if the manufacturer tells you so. Every
    malicious code that wants to connect to the internet can establish
    this connection. You only see programs which are so smart to let you
    control them.

    > I would prefer a similar firewall on my Mandriva box. The command-line crew
    > seem to go for Shorewall. I am at present using Guarddog, which does have
    > a GUI. I think that I did see a Linux program with an interface similar to
    > ZoneAlarm, but in reality it didn't work that way at all.


    See above. But if you like to have a GUI for creating your iptables
    firewall rules, take a look at fwbuilder (http://www.fwbuilder.org/)


    --
    Ulf Leichsenring
    ulf@leichsenring.net

  3. Re: Choosing a firewall.

    I'm new to Linux and using Firestarter via Ubuntu, from what I understand
    all these firewall applications are just a GUI for the built-in iptables.

    --
    Gerry (The MOTH)

    "Doug Laidlaw" wrote in message
    news:hudee4-on7.ln1@dougshost.douglaidlaw.net...
    > I am running a single desktop computer connected to the Internet. My wife
    > has a laptop running Windows XP, which is linked via the external wireless
    > router. She used Computer Associates firewall, which works like Zone
    > Alarm, and allows connections to be allowed or refused individually.
    >
    > I would prefer a similar firewall on my Mandriva box. The command-line crew
    > seem to go for Shorewall. I am at present using Guarddog, which does have
    > a GUI. I think that I did see a Linux program with an interface similar to
    > ZoneAlarm, but in reality it didn't work that way at all.
    >
    > Any recommendations please?
    >
    > Doug.
    > --
    > If we do not believe in freedom of speech for those we despise we do not
    > believe in it at all.
    > - Noam Chomsky
    >




  4. Re: Choosing a firewall.

    Doug Laidlaw (07-04-05 15:27:13):

    > I am running a single desktop computer connected to the Internet. My
    > wife has a laptop running Windows XP, which is linked via the external
    > wireless router. She used Computer Associates firewall, which works
    > like Zone Alarm, and allows connections to be allowed or refused
    > individually.


    A desktop firewall can be secured by not working as the administrator,
    but letting the packet filter run with administrative privileges, or at
    least higher than yours. Any (not too buggy) packet filter will do
    then.

    However you do, having control over each individual connection is
    overkill, and will lead a novice user to both bad decisions and a false
    sense of security. Instead create a small set of static rules that will
    do their job, and do it well. The simpler this ruleset is, the better
    was your idea behind it.


    > I would prefer a similar firewall on my Mandriva box. The
    > command-line crew seem to go for Shorewall. I am at present using
    > Guarddog, which does have a GUI. I think that I did see a Linux
    > program with an interface similar to ZoneAlarm, but in reality it
    > didn't work that way at all.
    >
    > Any recommendations please?


    Depends. If you want maximum control, you will want to use iptables
    directly. It's not difficult. If you don't understand its man-page
    iptables(8), there are plenty of very good introductions. Go for the
    HOWTOs at the Linux Documentation Project [1].


    Regards,
    Ertugrul Söylemez.


    References:
    [1] http://tldp.org/


    --
    From the fact that this CGI program has been written in Haskell, it
    follows naturally that this CGI program is perfectly secure.

  5. Re: Choosing a firewall.

    Doug Laidlaw wrote:
    > I am running a single desktop computer connected to the Internet. My wife
    > has a laptop running Windows XP, which is linked via the external wireless
    > router. She used Computer Associates firewall, which works like Zone
    > Alarm, and allows connections to be allowed or refused individually.



    > Any recommendations please?


    Since you have some level of security established maybe now is the time to learn something more. DL a
    copy of Smoothwall. Buy a $50 P3 somewhere and install Smoothwall onto that box. Use it as a
    dedicated firewall/NAT box for your internal network, i.e., you and your wife's boxen attach to it and
    not your dsl/cable modem. After you have that setup, you can disable all the firewalling on your
    internal machines, but keep the virus protection intact on the Winbox.

    Or if you're feeling adventurous, install OpenBSD onto a cheap P3 and use it in the same fashion.
    There are a multitude of solutions and some of the other posters have provided some of them. Good luck!

  6. Re: Choosing a firewall.

    You have two computers, one wireless, that connect to the internet. This
    implies that you have a router, probably connected to some form of high
    speed internet connection.

    Your router should have a firewall built in to it. Review your router
    documentation and verify that its firewall is active. This is your first
    line of defense. Change the router password to a strong one and make
    sure that you have the WAN update feature disabled.

    The wireless access point feature is a likely place for your network to
    be attacked. You should be using WPA-PSK security with a strong
    passphrase. Some additional security can be obtained by limiting the
    wireless access to allow only your wife's laptop, using MAC address
    filtering. You can also disable the transmission of the SSID from the
    router but this is a problematical thing to do because it'll make it
    harder for her laptop to connect.

    I'd keep the firewalls active on both systems because your network is
    subject to attack through the WAP (wireless access point). You could
    also turn on the router's logging of assigned IP addresses and check the
    logs regularly to see if anyone else is using the WAP.

    If you have any "not allowed to use the computer" persons in your house;
    a babysitter for example, you need to make sure that all of the
    computers have power on passwords activated to prevent unauthorized use.

    Phil Sherman


    Doug Laidlaw wrote:
    > I am running a single desktop computer connected to the Internet. My wife
    > has a laptop running Windows XP, which is linked via the external wireless
    > router. She used Computer Associates firewall, which works like Zone
    > Alarm, and allows connections to be allowed or refused individually.
    >
    > I would prefer a similar firewall on my Mandriva box. The command-line crew
    > seem to go for Shorewall. I am at present using Guarddog, which does have
    > a GUI. I think that I did see a Linux program with an interface similar to
    > ZoneAlarm, but in reality it didn't work that way at all.
    >
    > Any recommendations please?
    >
    > Doug.


  7. Re: Choosing a firewall.


    >
    > Or if you're feeling adventurous, install OpenBSD onto a cheap P3 and
    > use it in the same fashion. There are a multitude of solutions and some
    > of the other posters have provided some of them. Good luck!


    OpenBSD is a great suggestion. And it is a great learning experience.
    Also it is a slightly different install than your traditional linux
    installation in case you have never ventured into it.

  8. Re: Choosing a firewall.

    On 5 Apr, 10:33, "Gerry (The MOTH)" wrote:
    > I'm new to linux and using Firestarter via Ubuntu, from what I understand
    > all these firewall applications are just a GUI for the built-in iptables.
    >


    I'd like to think I know what I'm doing, and would also recommend
    Firestarter.

    Because of the way (every-other-operating-system-apart-from-Microsoft's)
    work, it's not really practical to allow/disallow client connections on
    a per-executable basis - and if you do run on Microsoft it's relatively
    easy to fool so doesn't really help much.

    (yes I know about AppArmor and similar, but I didn't think it would
    help the discussion at this point).

    C.


  9. Re: Choosing a firewall.

    Hi,

    Shorewall is great, I used it in the past. It's very easy to handle even
    without a graphical user interface.

    You may also have a look at "arno-iptables-firewall - Single- and
    multi-homed firewall script with DSL/ADSL support". I have tested it and
    it also works very well. It's very easy to configure.

    Bye,

    J.E.Peters

  10. Re: Choosing a firewall.

    Hi,

    We use the SafeSquid Free Edition.
    Easy to install and has a GUI interface for management.
    Great forum-based support.

    Cheers.
    Seans.

